Mobile devices have become personal and trusted devices as a result of an increase in mobile telephone networks, advances in technology, and the addition of functionalities. Additionally, a number of systems have been established which provide personalized and localized services for mobile devices. Bluetooth Low Energy (BLE), introduced as part of the Bluetooth 4.0 specification, is a low energy variant of the Bluetooth short range wireless standard. The purpose of BLE is to provide an extremely low power wireless system. For example, a BLE device may be powered by a coin-size battery. The low cost, robustness, and data throughput provided by BLE devices have made BLE an attractive option for many applications in industrial, environmental, automotive, and medical environments, such that BLE devices have been incorporated into systems to provide personalized and localized service. To illustrate, BLE devices can be used to provide location based services for mobile devices.
In a location based service, a beacon device (e.g., a BLE device) provides a short range beacon that provides location-specific information to a mobile device. The beacon device is programmed to broadcast a beacon ID (included in a beacon message or a beacon packet) to mobile devices in a vicinity of the beacon device. A mobile device detects such a beacon ID, and an application (e.g., a dedicated mobile location based service application) can look up, based on the beacon ID, where to download the content corresponding to the received beacon message. The beacon message may include data components, such as: (1) a universally unique identifier (UUID), (2) Major, (3) Minor, and (4) TX Power, as illustrative, non-limiting examples. The value of the UUID usually corresponds to a particular App or company, and the combination of Major and Minor permits divisions of beacons (e.g., beacon types) belonging to the company or the same UUID. TX Power may specify the power at 1 meter from the beacon so that a mobile device configured to read a received signal strength indicator (RSSI) can estimate the mobile device's distance from the beacon device.
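The fields named above can be decoded and turned into a distance estimate as follows. This is an added example, not part of the original text: the 21-byte layout (iBeacon-style), the log-distance path-loss model with exponent 2.0, and the sample payload are assumptions.

```python
import struct
import uuid
from dataclasses import dataclass

# Assumed payload layout (the text names the fields, not their byte layout):
# 16-byte UUID | 2-byte Major | 2-byte Minor (both big-endian) | 1-byte signed
# TX Power (dBm measured at 1 meter).
PAYLOAD = struct.Struct(">16sHHb")


@dataclass(frozen=True)
class Beacon:
    beacon_uuid: uuid.UUID
    major: int
    minor: int
    tx_power: int  # calibrated signal strength at 1 meter, in dBm


def parse_beacon(payload: bytes) -> Beacon:
    """Decode the beacon payload; reject anything of the wrong size."""
    if len(payload) != PAYLOAD.size:
        raise ValueError(f"expected {PAYLOAD.size} bytes, got {len(payload)}")
    raw_uuid, major, minor, tx_power = PAYLOAD.unpack(payload)
    return Beacon(uuid.UUID(bytes=raw_uuid), major, minor, tx_power)


def estimate_distance_m(tx_power: int, rssi: int, path_loss_exponent: float = 2.0) -> float:
    """Log-distance path-loss estimate; exponent 2.0 assumes free space."""
    return 10 ** ((tx_power - rssi) / (10 * path_loss_exponent))


# Constructed sample payload (not captured from a real device).
SAMPLE = (
    uuid.UUID("12345678-1234-5678-1234-567812345678").bytes
    + struct.pack(">HHb", 10, 258, -59)
)

if __name__ == "__main__":
    beacon = parse_beacon(SAMPLE)
    for rssi in (-59, -79):  # constructed RSSI readings
        dist = estimate_distance_m(beacon.tx_power, rssi)
        print(beacon.major, beacon.minor, rssi, f"{dist:.1f} m")
```

Every field in the payload, TX Power included, is set by whoever transmits it, so the distance estimate is only as trustworthy as the sender.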
The beacon device (e.g., the BLE device) typically uses short range wireless communication, such as Bluetooth, which enables a mobile device to quickly obtain information transmitted via the beacon. Because of the short range nature of the beacon message communicated from the beacon device, the beacon message does not have the capability to connect directly to a central network (or server) by way of the global communications system. Accordingly, the mobile device retrieves a code (or address) from the beacon message and then uses the mobile device's global communications system to download related information from a central network, such as a server (e.g., a cloud server).
The fact that beacon devices often transmit beacons (e.g., beacon messages) that can be detected by nearly every capable mobile device raises concerns regarding the security of beacons. For example, security threats related to beacons and use of beacons for location based services include spoofing attacks, piggybacking attacks, and re-programming attacks.
Spoofing Attacks
Beacon devices unselectively broadcast beacon IDs, which means that anyone with a receiver (e.g., a Bluetooth 4.0 receiver) is able to listen to the beacon messages. As a result, it is possible for an attacker to forge fake beacons with the same ID (possibly placed in different geographic locations) by “spoofing” the original beacon ID. A mobile device cannot tell a real beacon from a fake beacon, since the beacon IDs of the real beacon and the fake beacon are the same. While the real beacon is useful in providing a location based service, the fake beacon can be problematic. For example, when beacons are used for an indoor location application or other location based service, the fake beacon can cause confusion and inaccurate location positions.
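One server-side check for the relocated-copy case described above, given as an added example that is not part of the original text: it assumes a hypothetical registry of installed beacon locations and that each sighting carries the phone's own location fix. All IDs, coordinates, and the 200 m tolerance are constructed.

```python
import math

BID = ("12345678-1234-5678-1234-567812345678", 10, 258)  # (UUID, Major, Minor)

# Hypothetical registry: beacon ID -> installed (lat, lon). Constructed data.
REGISTRY = {BID: (40.7580, -73.9855)}
MAX_PLAUSIBLE_M = 200.0  # assumed: BLE range plus coarse phone-location error


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in meters between two (lat, lon) points."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def classify(beacon_id, lat, lon):
    """'ok' near the installed site, 'suspect-spoof' far from it, else 'unknown-id'."""
    home = REGISTRY.get(beacon_id)
    if home is None:
        return "unknown-id"
    far = haversine_m(lat, lon, *home) > MAX_PLAUSIBLE_M
    return "suspect-spoof" if far else "ok"


def suspect_ids(sightings):
    """Beacon IDs with at least one implausibly located sighting, sorted."""
    return sorted({s[0] for s in sightings if classify(*s) == "suspect-spoof"})


# Constructed sightings: (beacon_id, phone_lat, phone_lon).
SIGHTINGS = [
    (BID, 40.7583, -73.9855),  # tens of meters from the installed site
    (BID, 40.6892, -74.0445),  # kilometers away: same ID, wrong place
    (("ffffffff-ffff-ffff-ffff-ffffffffffff", 1, 1), 40.7580, -73.9855),
]

if __name__ == "__main__":
    for s in SIGHTINGS:
        print(s[0][1:], classify(*s))
    print("suspect:", suspect_ids(SIGHTINGS))
```

A copy placed within the tolerance of the real beacon still passes this check, because the broadcast ID itself carries nothing that distinguishes the two.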
Piggybacking Attacks
A piggybacking or hijacking attack refers to a situation where an unauthorized party attempts to operate its own service at least in part by leveraging, without consent or authorization, the beacon infrastructure maintained and controlled by others. Because beacon devices unselectively broadcast beacon IDs, the unauthorized party can listen to and record all beacon IDs of interest, record the locations corresponding to the beacon IDs, and build an application and provide services using the recorded beacon IDs. In some situations, the unauthorized party may be a business competitor of the legitimate owner/operator of the beacon infrastructure, so that the unauthorized party can offer a competing coupon with a more attractive deal for customers whenever the customers receive a coupon from the authorized owner as triggered by the proximity to particular beacon devices.
Re-Programming Attacks
Some beacon devices allow over-the-air programming or software update. Without proper authentication implemented at a beacon device, an attacker can potentially gain access to the beacon device and re-program the beacon device, such as re-programming the beacon device with a new beacon ID. Re-programming the beacon device with a new beacon ID may render the original service associated with the beacon device unavailable, a kind of denial of service attack.
While location based services are attractive and beneficial to owners of mobile devices, as well as business owners, security threats (e.g., spoofing attacks, piggybacking attacks, and re-programming attacks) exist when location based services are provided. Such threats reduce the effectiveness of location based services (e.g., increase overhead and network traffic), decrease network and device efficiency (e.g., waste device power), and have the effect of prohibiting and discouraging widespread adoption of location based services.